Abstract


In program algebra, an algebraic theory of single-pass instruction 
sequences, three congruences on instruction sequences are paid atten- 
tion to: instruction sequence congruence, structural congruence, and 
behavioural congruence. Sound and complete axiom systems for the 
first two congruences were already given in early papers on program 
algebra. The current paper is the first one that is concerned with an 
axiom system for the third congruence. The presented axiom system is 
especially notable for its axioms that have to do with forward jump 
instructions. 

Keywords: program algebra, instruction sequence congruence, struc- 
tural congruence, behavioural congruence, axiom system 


1 Introduction 


Program algebra, an algebraic theory of single-pass instruction sequences, 
was first presented in [3] as the basis of an approach to programming language 
semantics. Various issues, including issues relating to programming language 
expressiveness, computability, computational complexity, algorithm efficiency, 
algorithmic equivalence of programs, program verification, program perform- 
ance, program compactness, and program parallelization, have been studied 
in the setting of program algebra since then. An overview of all the work 
done to date and some open questions originating from it can be found
at [13]. Three congruences on instruction sequences were introduced in [3]:
instruction sequence congruence, structural congruence and behavioural
congruence. Sound and complete axiom systems for instruction sequence 
congruence and structural congruence were already provided in [3], but an 
axiom system for behavioural congruence has never been provided. This 
paper is concerned with an axiom system for behavioural congruence. 

Program algebra is parameterized by a set of uninterpreted basic in- 
structions. In applications of program algebra, this set is instantiated by a 
set of interpreted basic instructions. In the case of most issues that have been 
studied in the setting of program algebra, the interpreted basic instructions 
are instructions to set and get the content of Boolean registers. In the case 
of a few issues, the interpreted basic instructions are other instructions, 
e.g. instructions to manipulate the content of counters or instructions to 
manipulate the content of Turing machine tapes (see e.g. [4]). 

In the uninstantiated case, behavioural congruence is the coarsest con- 
gruence respecting the behaviour produced by instruction sequences under 
execution that is possible with uninterpreted basic instructions. In the 
instantiated cases, behavioural congruence is the coarsest congruence re- 
specting the behaviour produced by instruction sequences under execution 
that is possible taking the intended interpretation of the basic instructions 
into account. In this paper, an emphasis is laid on the uninstantiated case. 
Yet attention is paid to the instantiation in which all possible instructions 
for Boolean registers are taken as basic instructions. 

The single-pass instruction sequences considered in program algebra 
are non-empty, finite or eventually periodic infinite instruction sequences. 
In this paper, the soundness question, i.e. the question whether derivable 
equality implies behavioural congruence, is fully answered in the affirmative. 
However, the completeness question, i.e. the question whether behavioural 
congruence implies derivable equality, is answered in the affirmative only 
for the restriction to finite instruction sequences because of problems in 
mastering the intricacy of a completeness proof for the unrestricted case. 

In [3], basic thread algebra, an algebraic theory of mathematical objects
that model in a direct way the behaviours produced by instruction sequences
under execution, was introduced to describe which behaviours are produced
by the instruction sequences considered in program algebra.² It is rather
awkward to describe and analyze the behaviours of this kind using algebraic
theories of processes such as ACP [1, 2], CCS [11, 14] and CSP [10, 12].
However, the objects considered in basic thread algebra can be viewed as
representations of processes as considered in ACP (see e.g. [6]). Basic thread
algebra is parameterized by a set of uninterpreted basic actions and, when
it is used for describing the behaviours produced by instruction sequences
under execution, basic instructions are taken as basic actions. Like in [3],
basic thread algebra will be used in this paper for describing the behaviours
produced by the instruction sequences considered in program algebra and to
define the notion of behavioural congruence of instruction sequences.

² In [3], basic thread algebra is introduced under the name basic polarized
process algebra.

This paper is organized as follows. First, we introduce a version of 
program algebra with axioms for instruction sequence congruence, structural 
congruence, and behavioural congruence (Section 2). Next, we present the 
preliminaries on basic thread algebra that are needed in the rest of the 
paper (Section 3). After that, we describe which behaviours are produced 
by instruction sequences under execution and define a notion of behavioural 
congruence for instruction sequences (Section 4). Then, we go into the 
soundness and completeness of the presented axiom system with respect to 
the defined notion of behavioural congruence (Section 5). Following this, we 
look at the instantiation of program algebra in which all possible instructions 
for Boolean registers are taken as basic instructions (Section 6). Finally, we 
make some concluding remarks (Section 7). 


The following should be mentioned in advance. The set B of Boolean 
values is a set with two elements whose intended interpretations are the truth 
values false and true. As is common practice, we represent the elements of 
B by the bits 0 and 1. 

This paper draws somewhat from the preliminaries of earlier papers 
that built on program algebra and basic thread algebra. The most recent 
one of the papers in question is [9]. 


2 Program Algebra for Behavioural Congruence 


In this section, we present PGA^bc. PGA^bc is a version of PGA (ProGram
Algebra) with, in addition to the usual axioms for instruction sequence
congruence and structural congruence, axioms for behavioural congruence.

The instruction sequences considered in PGA^bc are single-pass
instruction sequences of a particular kind.³ It is assumed that a fixed but
arbitrary set A of basic instructions has been given. A is the basis for the
set of instructions that may occur in the instruction sequences considered
in PGA^bc. The intuition is that the execution of a basic instruction may
modify a state and must produce a Boolean value as reply at its completion.
The actual reply may be state-dependent.

³ The instruction sequences concerned are single-pass in the sense that they
are instruction sequences of which each instruction is executed at most once
and can be dropped after it has been executed or jumped over.

The set of instructions of which the instruction sequences considered in
PGA^bc are composed is the set that consists of the following elements:

• for each a ∈ A, a plain basic instruction a;
• for each a ∈ A, a positive test instruction +a;
• for each a ∈ A, a negative test instruction −a;
• for each l ∈ N, a forward jump instruction #l;
• a termination instruction !.

We write ℑ for this set. The elements from this set are called primitive
instructions.

Primitive instructions are the elements of the instruction sequences
considered in PGA^bc. On execution of such an instruction sequence, these
primitive instructions have the following effects:

• the effect of a positive test instruction +a is that basic instruction a is
  executed and execution proceeds with the next primitive instruction if
  1 is produced and otherwise the next primitive instruction is skipped
  and execution proceeds with the primitive instruction following the
  skipped one – if there is no primitive instruction to proceed with,
  inaction occurs;

• the effect of a negative test instruction −a is the same as the effect of
  +a, but with the role of the value produced reversed;

• the effect of a plain basic instruction a is the same as the effect of
  +a, but execution always proceeds as if 1 is produced;

• the effect of a forward jump instruction #l is that execution proceeds
  with the l-th next primitive instruction – if l equals 0 or there is no
  primitive instruction to proceed with, inaction occurs;

• the effect of the termination instruction ! is that execution terminates.

Inaction occurs if no more basic instructions are executed, but execution
does not terminate.

PGA^bc has one sort: the sort IS of instruction sequences. We make
this sort explicit to anticipate the need for many-sortedness later on. To
build terms of sort IS, PGA^bc has the following constants and operators:

• for each u ∈ ℑ, the instruction constant u : → IS;
• the binary concatenation operator _ ; _ : IS × IS → IS;
• the unary repetition operator _^ω : IS → IS.


Terms of sort IS are built as usual in the one-sorted case. We assume that 
there are infinitely many variables of sort IS, including X,Y, Z. We use infix 
notation for concatenation and postfix notation for repetition. 

A PGA^bc term in which the repetition operator does not occur is called
a repetition-free PGA^bc term.

One way of thinking about closed PGA^bc terms is that they represent
non-empty, finite or eventually periodic infinite sequences of primitive
instructions.⁴ The instruction sequence represented by a closed term of the
form t;t' is the instruction sequence represented by t concatenated with the
instruction sequence represented by t'. The instruction sequence represented
by a closed term of the form t^ω is the instruction sequence represented by t
concatenated infinitely many times with itself. A closed PGA^bc term
represents a finite instruction sequence if and only if it is a closed
repetition-free PGA^bc term.

In this paper, closed PGA^bc terms are considered equal if the instruction
sequences that they represent can always take each other's place in an
instruction sequence in the sense that the behaviour produced under execution
remains the same irrespective of the interpretation of the instructions from
A. In other words, equality of closed terms stands in PGA^bc for a kind of
behavioural congruence of the represented instruction sequences. The kind
of behavioural congruence in question will be made precise in Section 4.

The axioms of PGA^bc are given in Table 1. In this table, n stands for
an arbitrary natural number from N_1,⁵ u, u_1,…,u_k and v_1,…,v_{k'+1} stand
for arbitrary primitive instructions from ℑ, k, k', and l stand for arbitrary
natural numbers from N, and a stands for an arbitrary basic instruction
from A. For each n ∈ N_1, the term t^n, where t is a PGA^bc term, is defined
by induction on n as follows: t^1 = t, and t^{n+1} = t;t^n.

⁴ An eventually periodic infinite sequence is an infinite sequence with only
finitely many distinct suffixes.
⁵ We write N_1 for the set {n ∈ N | n ≥ 1} of positive natural numbers.

Table 1: Axioms of PGA^bc

(X;Y);Z = X;(Y;Z)                                            PGA1
(X^n)^ω = X^ω                                                PGA2
X^ω;Y = X^ω                                                  PGA3
(X;Y)^ω = X;(Y;X)^ω                                          PGA4
#k+1;u_1;…;u_k;#0 = #0;u_1;…;u_k;#0                          PGA5
#k+1;u_1;…;u_k;#l = #l+k+1;u_1;…;u_k;#l                      PGA6
(#l+k+1;u_1;…;u_k)^ω = (#l;u_1;…;u_k)^ω                      PGA7
#l+k+k'+2;u_1;…;u_k;(v_1;…;v_{k'+1})^ω =
    #l+k+1;u_1;…;u_k;(v_1;…;v_{k'+1})^ω                      PGA8
+a;#0;#0 = a;#0;#0                                           PGA9
−a;#0;#0 = a;#0;#0                                           PGA10
+a;#1 = a;#1                                                 PGA11
−a;#1 = a;#1                                                 PGA12
+a;#l+2;#l+1 = a;#l+2;#l+1                                   PGA13
−a;#l+2;#l+1 = a;#l+2;#l+1                                   PGA14
+a;!;! = a;!;!                                               PGA15
−a;!;! = a;!;!                                               PGA16
+a;u^ω = a;u^ω                                               PGA17
−a;u^ω = a;u^ω                                               PGA18
#k+3;#k+3;#k+3;u_1;…;u_k;+a = +a;#k+3;#k+3;u_1;…;u_k;+a      PGA19
#k+3;#k+3;#k+3;u_1;…;u_k;−a = −a;#k+3;#k+3;u_1;…;u_k;−a      PGA20
#k+2;#k+2;u_1;…;u_k;a = a;#k+2;u_1;…;u_k;a                   PGA21
#k+k'+4;u_1;…;u_k;+a;#k'+3;#k'+3;v_1;…;v_{k'};+a =
    #k+1;u_1;…;u_k;+a;#k'+3;#k'+3;v_1;…;v_{k'};+a            PGA22
#k+k'+4;u_1;…;u_k;−a;#k'+3;#k'+3;v_1;…;v_{k'};−a =
    #k+1;u_1;…;u_k;−a;#k'+3;#k'+3;v_1;…;v_{k'};−a            PGA23
#k+k'+3;u_1;…;u_k;a;#k'+2;v_1;…;v_{k'};a =
    #k+1;u_1;…;u_k;a;#k'+2;v_1;…;v_{k'};a                    PGA24
#k+1;u_1;…;u_k;! = !;u_1;…;u_k;!                             PGA25
#k+1;(u_1;…;u_k;u_{k+1})^ω = (u_{k+1};u_1;…;u_k)^ω           PGA26
(#k+2;#k+1;u_1;…;u_k;+a)^ω = (a;#k+1;u_1;…;u_k;a)^ω          PGA27
(#k+2;#k+1;u_1;…;u_k;−a)^ω = (a;#k+1;u_1;…;u_k;a)^ω          PGA28
(#k+2;#k+1;u_1;…;u_k;a)^ω = (a;#k+1;u_1;…;u_k;a)^ω           PGA29
(u_1;…;u_{k+1})^ω = a^ω
    if, for all i ∈ {1,…,k+1}, u_i ∈ {a,+a,−a} or, for some l ∈ {1,…,k},
    u_i = #l and u_{(i+l) mod (k+1)} ∈ {a,+a,−a}             PGA30

If t = t' is derivable from PGA1–PGA4, then t and t' represent the same
instruction sequence. In this case, we say that the represented instruction
sequences are instruction sequence congruent. We write PGA^isc for the
algebraic theory whose sorts, constants and operators are those of PGA^bc,
but whose axioms are PGA1–PGA4.

The unfolding equation X^ω = X;X^ω is derivable from the axioms of
PGA^isc by first taking the instance of PGA2 in which n = 2, then applying
PGA4, and finally applying the instance of PGA2 in which n = 2 again.

A closed PGA^bc term is in first canonical form if it is of the form t or
t;t'^ω, where t and t' are closed repetition-free PGA^bc terms. The following
proposition relates PGA^isc and first canonical forms.


Proposition 1 For all closed PGA^bc terms t, there exists a closed PGA^bc
term t' that is in first canonical form such that t = t' is derivable from the
axioms of PGA^isc.


Proof: The proof is analogous to the proof of Lemma 2.2 from [5]. 


If t = t' is derivable from PGA1–PGA8, then t and t' represent the
same instruction sequence after changing all chained jumps into single jumps
and making all jumps ending in the repeating part as short as possible if
they are eventually periodic infinite sequences. In this case, we say that
the represented instruction sequences are structurally congruent. We write
PGA^sc for the algebraic theory whose sorts, constants and operators are
those of PGA^bc, but whose axioms are PGA1–PGA8.

A closed PGA^bc term t has chained jumps if there exists a closed
PGA^bc term t' such that t = t' is derivable from the axioms of PGA^isc
and t' contains a subterm of the form #n+1;u_1;…;u_n;#l. A closed
PGA^bc term t that is in first canonical form has a repeating part if it is of
the form u_1;…;u_m;(v_1;…;v_k)^ω. A closed PGA^bc term t of the form
u_1;…;u_m;(v_1;…;v_k)^ω has shortest possible jumps ending in the repeating
part if: (i) for each i ∈ [1,m] for which u_i is of the form #l, l ≤ k+m−i;
(ii) for each j ∈ [1,k] for which v_j is of the form #l, l ≤ k−1. A closed
PGA^bc term is in second canonical form if it is in first canonical form, does
not have chained jumps, and has shortest possible jumps ending in the
repeating part if it has a repeating part. The following proposition relates
PGA^sc and second canonical forms.

Proposition 2 For all closed PGA^bc terms t, there exists a closed PGA^bc
term t' that is in second canonical form such that t = t' is derivable from
the axioms of PGA^sc.


Proof: The proof is analogous to the proof of Lemma 2.3 from [5]. 


If t = t' is derivable from PGA1–PGA30, then t and t' represent
instruction sequences that can always take each other's place in an instruction
sequence without affecting the behaviour produced under execution in an
essential way. In this case, we say that the represented instruction sequences
are behaviourally congruent. In Section 4, we will use basic thread algebra to
make precise which behaviours are produced by the represented instruction
sequences under execution.

Axioms PGA1—PGA8 originate from [3]. Axioms PGA9-PGA30 are 
new and some of them did not come into the picture until we recently 
attempted to obtain a complete axiom system for behavioural congruence. 

Henceforth, the instruction sequences of the kind considered in PGA^isc,
PGA^sc, and PGA^bc are called PGA instruction sequences.


3 Basic Thread Algebra for Finite and Infinite Threads


In this section, we present an extension of BTA (Basic Thread Algebra) that 
reflects the idea that infinite threads are identical if their approximations up 
to any finite depth are identical. 

BTA is concerned with mathematical objects that model in a direct 
way the behaviours produced by PGA instruction sequences under execution. 
The objects in question are called threads. A thread models a behaviour that 
consists of performing basic actions in a sequential fashion. Upon performing 
a basic action, a reply from an execution environment determines how the 
behaviour proceeds subsequently. The basic instructions from A are taken 
as basic actions. 

BTA has one sort: the sort T of threads. We make this sort explicit to 
anticipate the need for many-sortedness later on. To build terms of sort T, 
BTA has the following constants and operators: 


• the inaction constant D : → T;

• the termination constant S : → T;


Axioms for Behavioural Congruence 
of Single-Pass Instruction Sequences 119 


• for each a ∈ A, the binary postconditional composition operator
  _ ⊴ a ⊵ _ : T × T → T.


Terms of sort T are built as usual in the one-sorted case. We assume that
there are infinitely many variables of sort T, including x, y, z. We use infix
notation for postconditional composition. We introduce basic action prefixing
as an abbreviation: a ∘ t, where t is a BTA term, abbreviates t ⊴ a ⊵ t. We
treat an expression of the form a ∘ t and the BTA term that it abbreviates
as syntactically the same.

Different closed BTA terms are considered to represent different threads.
The thread represented by a closed term of the form t ⊴ a ⊵ t' models the
behaviour that will first perform a, and then proceed as the behaviour
modeled by the thread represented by t if the reply from the execution
environment is 1 and proceed as the behaviour modeled by the thread
represented by t' if the reply from the execution environment is 0. The
thread represented by S models the behaviour that will do no more than
terminate and the thread represented by D models the behaviour that will
become inactive.

Closed BTA terms are considered equal if they represent the same thread. 
Equality of closed terms stands in BTA for syntactic identity. Therefore, 
BTA has no axioms. 

Each closed BTA term represents a finite thread, i.e. a thread with 
a finite upper bound to the number of basic actions that it can perform. 
Infinite threads, i.e. threads without a finite upper bound to the number
of basic actions that they can perform, can be defined by means of a set of
recursion equations (see e.g. [4]). A regular thread is a finite or infinite thread 
that can only be in a finite number of states. The behaviours produced 
by PGA instruction sequences under execution are exactly the behaviours 
modeled by regular threads. 

Two infinite threads are considered identical if their approximations 
up to any finite depth are identical. The approximation up to depth n of a 
thread models the behaviour that differs from the behaviour modeled by the 
thread in that it will become inactive after it has performed n actions unless 
it would terminate at this point. AIP (Approximation Induction Principle) is
a conditional equation that formalizes the above-mentioned view on infinite
threads. In AIP, the approximation up to depth n is phrased in terms of
the unary projection operator π_n : T → T.

The axioms for the projection operators and AIP are given in Table 2. In
this table, a stands for an arbitrary basic action from A and n stands for an
arbitrary natural number from N. We write BTA^∞ for BTA extended with
the projection operators, the axioms for the projection operators, and AIP.

Table 2: Axioms of BTA^∞

π_0(x) = D                                   PR1
π_{n+1}(D) = D                               PR2
π_{n+1}(S) = S                               PR3
π_{n+1}(x ⊴ a ⊵ y) = π_n(x) ⊴ a ⊵ π_n(y)     PR4
⋀_{n≥0} π_n(x) = π_n(y) ⇒ x = y              AIP


Table 3: Axioms for the thread extraction operator

|a| = a ∘ D                  TE1      |#l| = D                  TE7
|a;X| = a ∘ |X|              TE2      |#0;X| = D                TE8
|+a| = a ∘ D                 TE3      |#1;X| = |X|              TE9
|+a;X| = |X| ⊴ a ⊵ |#2;X|    TE4      |#l+2;u| = D              TE10
|−a| = a ∘ D                 TE5      |#l+2;u;X| = |#l+1;X|     TE11
|−a;X| = |#2;X| ⊴ a ⊵ |X|    TE6      |!| = S                   TE12
                                      |!;X| = S                 TE13


4 Thread Extraction and Behavioural Congruence


In this section, we make precise in the setting of BTA^∞ which behaviours
are produced by PGA instruction sequences under execution and introduce
the notion of behavioural congruence on PGA instruction sequences.

To make precise which behaviours are produced by PGA instruction
sequences under execution, we introduce an operator |_| meant for extracting
from each PGA instruction sequence the thread that models the behaviour
produced by it under execution. For each closed PGA^bc term t, |t| represents
the thread that models the behaviour produced by the instruction sequence
represented by t under execution.

Formally, we combine PGA^isc with BTA^∞ and extend the combination
with the thread extraction operator |_| : IS → T and the axioms given in
Table 3. In this table, a stands for an arbitrary basic instruction from A,
u stands for an arbitrary primitive instruction from ℑ, and l stands for an
arbitrary natural number from N.

If a closed PGA^bc term t represents an instruction sequence that starts
with an infinite chain of forward jumps, then TE9 and TE11 can be applied
to |t| infinitely often without ever showing that a basic action is performed.
In this case, we have to do with inaction and, being consistent with that,
t = #0;t' is derivable from the axioms of PGA^sc for some closed PGA^bc
term t'. By contrast, t = #0;t' is not derivable from the axioms of PGA^isc.
If closed PGA^bc terms t and t' represent instruction sequences in which no
infinite chains of forward jumps occur, then t = t' is derivable from the
axioms of PGA^sc only if |t| = |t'| is derivable from the axioms of PGA^isc and
TE1–TE13.

If a closed PGA^bc term t represents an infinite instruction sequence,
then we can extract the approximations of the thread modeling the behaviour
produced by that instruction sequence under execution up to every finite
depth: for each n ∈ N, there exists a closed BTA term t'' such that
π_n(|t|) = t'' is derivable from the axioms of PGA^isc, TE1–TE13, the axioms
of BTA, and PR1–PR4. If closed PGA^bc terms t and t' represent infinite
instruction sequences that produce the same behaviour under execution, then
this can be proved using the following instance of AIP:
⋀_{n≥0} π_n(|t|) = π_n(|t'|) ⇒ |t| = |t'|.

PGA instruction sequences are behaviourally equivalent if they produce 
the same behaviour under execution. Behavioural equivalence is not a con- 
gruence. Instruction sequences are behaviourally congruent if they produce 
the same behaviour irrespective of the way they are entered and the way 
they are left. 

Let t and t' be closed PGA^bc terms. Then:


• t and t' are behaviourally equivalent, written t ≡_be t', if |t| = |t'| is
  derivable from the axioms of PGA^isc, TE1–TE13, and the axioms of
  BTA^∞.


• t and t' are behaviourally congruent, written t ≅_bc t', if, for each
  l, n ∈ N, #l;t;!^n ≡_be #l;t';!^n.⁶


Behavioural congruence is the largest congruence contained in behavioural 
equivalence. Moreover, structural congruence implies behavioural congru- 
ence. 


Proposition 3 For all closed PGA^bc terms t and t', t = t' is derivable from
the axioms of PGA^sc only if t ≅_bc t'.

⁶ We use the convention that t;t'^0 stands for t.

Proof: The proof is analogous to the proof of Proposition 2.2 from [5].
In that proof use is made of the uniqueness of solutions of sets of recursion
equations where each right-hand side is a BTA term of the form D, S or
s ⊴ a ⊵ s' with BTA terms s and s' that contain only variables occurring
as one of the right-hand sides. This uniqueness follows from AIP (see also
Corollary 2.1 from [5]).


Conversely, behavioural congruence does not imply structural congruence.
For example, +a;!;! ≅_bc −a;!;!, but +a;!;! = −a;!;! is not derivable
from the axioms of PGA^sc.
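The definitions of this section can be checked mechanically for finite instruction sequences. The following Python code is an added example, not part of the paper: it extracts threads according to TE1–TE13 and searches for a context #l;_;!^n that separates two sequences. The textual syntax accepted by parse, the tuple encoding of threads (a, x, y) for x ⊴ a ⊵ y, and the search bounds on l and n are assumptions of this example.

```python
from functools import lru_cache

D, S = "D", "S"  # BTA constants: inaction and termination


def parse(text):
    """Parse 'u1;u2;...;uk' into a tuple of primitive instructions.

    Assumed concrete syntax: 'a' plain, '+a'/'-a' tests, '#l' jump, '!'.
    """
    seq = []
    for tok in (part.strip() for part in text.split(";")):
        if tok == "!":
            seq.append(("!",))
        elif tok.startswith("#") and tok[1:].isdigit():
            seq.append(("#", int(tok[1:])))
        elif tok[:1] in ("+", "-") and tok[1:].isidentifier():
            seq.append((tok[0], tok[1:]))
        elif tok.isidentifier():
            seq.append(("a", tok))
        else:
            raise ValueError(f"not a primitive instruction: {tok!r}")
    return tuple(seq)


def thread(seq):
    """Thread |seq| of a finite instruction sequence, following TE1-TE13."""

    @lru_cache(maxsize=None)
    def at(i):
        if i >= len(seq):
            return D                      # nothing to proceed with
        kind = seq[i][0]
        if kind == "!":
            return S                      # TE12, TE13
        if kind == "#":
            l = seq[i][1]
            return D if l == 0 else at(i + l)   # TE7-TE11
        a = seq[i][1]
        nxt, skip = at(i + 1), at(i + 2)
        if kind == "+":
            return (a, nxt, skip)         # TE3, TE4
        if kind == "-":
            return (a, skip, nxt)         # TE5, TE6
        return (a, nxt, nxt)              # TE1, TE2

    return at(0)


def behaviourally_equivalent(t, u):
    # BTA has no axioms, so equal threads are syntactically identical terms.
    return thread(t) == thread(u)


def distinguishing_context(t, u):
    """Return (l, n) such that #l;t;!^n and #l;u;!^n differ, else None.

    A step leaves a finite sequence at most max(jump, 2) - 1 positions
    past its end, so n up to that maximum and l up to the end of the
    padded sequence cover every distinct entry and exit point.
    """
    jumps = [ins[1] for ins in t + u if ins[0] == "#"]
    n_max = max(jumps + [2])
    for n in range(n_max + 1):
        for l in range(max(len(t), len(u)) + n + 2):
            def wrap(s):
                return (("#", l),) + s + (("!",),) * n
            if thread(wrap(t)) != thread(wrap(u)):
                return (l, n)
    return None


def behaviourally_congruent(t, u):
    return distinguishing_context(t, u) is None


if __name__ == "__main__":
    # The pair from the text: congruent, though not structurally congruent.
    print(behaviourally_congruent(parse("+a;!;!"), parse("-a;!;!")))
    # Equivalent but not congruent: entering at the third instruction differs.
    print(behaviourally_equivalent(parse("+a;!;!"), parse("a;!;b")),
          distinguishing_context(parse("+a;!;!"), parse("a;!;b")))
```

The second pair shows why behavioural equivalence is not a congruence: both sequences have the thread a ∘ S, but the context with l = 3 and n = 0 enters one at ! and the other at b.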


5 Axioms of PGA and Behavioural Congruence 


The axioms of PGA^bc are intended to be used for establishing behavioural
congruence in a direct way by nothing more than equational reasoning. Two 
questions arise: the soundness question, i.e. the question whether derivable 
equality implies behavioural congruence, and the completeness question, i.e. 
the question whether behavioural congruence implies derivable equality. The 
two theorems presented in this section concern these questions. The first 
theorem fully answers the soundness question in the affirmative. The second 
theorem answers the completeness question in the affirmative only for the 
restriction obtained by excluding the repetition operator because of problems 
in mastering the intricacy of a completeness proof for the unrestricted case. 

We start with a few additional definitions and results which will be 
used in the proof of the theorems. 

A closed PGA^bc term t has simplifiable control flow if there exists a
closed PGA^bc term t' such that t = t' is derivable from the axioms of PGA^isc
and t' contains a subterm of the same form as the left-hand side of one of
the axioms PGA9–PGA30. The intuition is that a closed PGA^bc term has
simplifiable control flow if the instruction sequence that it represents has
unnecessary tests, unnecessary jumps or needlessly long jumps. A closed
PGA^bc term is in third canonical form if it is in second canonical form and
does not have simplifiable control flow.

The following proposition relates PGA^bc and third canonical forms.


Proposition 4 For all closed PGA^bc terms t, there exists a closed PGA^bc
term t' that is in third canonical form such that t = t' is derivable from the
axioms of PGA^bc.
Proof: By Proposition 2, there exists a closed PGA^bc term t'' that is
in second canonical form such that t = t'' is derivable from the axioms of
PGA^sc. If t'' has simplifiable control flow, it can be transformed into a closed
PGA^bc term that does not have simplifiable control flow by applications of
PGA9–PGA30 possibly alternated with applications of PGA1 and/or PGA4.


Proposition 4 is important to the proof of Theorem 2 below. Actually, 
there are some axioms among PGA9-PGA30 that did not turn up until the 
elaboration of the proof of Theorem 2. 

The set of basic PGA^bc terms is inductively defined as follows:


• if u ∈ ℑ, then u is a basic PGA^bc term;


• if u ∈ ℑ and t is a basic PGA^bc term, then u;t is a basic PGA^bc term;
  and


• if t is a basic PGA^bc term, then t^ω is a basic PGA^bc term.


Obviously, for all closed PGA^bc terms t, there exists a basic PGA^bc term t'
such that t = t' is derivable from PGA1.


Lemma 1 For all basic repetition-free PGA^bc terms t that are in third
canonical form, t is of one of the following forms:


(a) u, where u ∈ ℑ;


(b) u;t', where u ∈ ℑ and t' is a basic repetition-free PGA^bc term that is
in third canonical form.


Proof: This lemma with all occurrences of “third canonical form” replaced
by “first canonical form” follows immediately from the definitions of basic
PGA^bc term and first canonical form. Moreover, in the case that t is of
the form (b), it follows immediately from the definitions concerned that
the properties “does not have chained jumps”, “has shortest possible jumps
ending in the repeating part”, and “does not have simplifiable control flow”
carry over from t to t'. This means that t' is also in third canonical form.


In the rest of this section, we refer to the possible forms of basic PGA^bc
terms that are in third canonical form as in Lemma 1.

Lemma 2 For all basic repetition-free PGA^bc terms t and t' that are in
third canonical form, t ≅_bc t' only if


(1) t is of the form (a) iff t' is of the form (a);
(2) t is of the form (b) iff t' is of the form (b).


Proof: Suppose that t and t' are in third canonical form and t ≅_bc t'.
Property (1) is trivial because, in the case that t is of the form (a), 
Bet frat! 
Property (2) follows immediately from Lemma 1 and the consequence
of property (1) that, in the case that t is of the form (b), t' is not of the
form (a).


We now move on to the two theorems announced at the beginning of 
this section. 


Theorem 1 For all closed PGA^bc terms t and t', t = t' is derivable from
the axioms of PGA^bc only if t ≅_bc t'.


Proof: Because ≅_bc is a congruence, it is sufficient to prove for each
axiom of PGA^bc that, for all its closed substitution instances t = t',
t ≅_bc t'. For PGA1–PGA8, this follows immediately from Proposition 3. For
PGA9–PGA30, it follows very straightforwardly from the definition of ≅_bc,
TE1–TE13, and in the case of PGA17 and PGA18, the unfolding equation
X^ω = X;X^ω.


Theorem 2 For all closed repetition-free PGA^bc terms t and t', t = t' is
derivable from the axioms of PGA^bc if t ≅_bc t'.


Proof: See Appendix A. 


We will conclude Appendix A by going into the main problem that we 
have experienced in mastering the intricacy of a proof of the unrestricted 
version of Theorem 2, which reads as follows: 


for all closed PGA^bc terms t and t', t = t' is derivable from the
axioms of PGA^bc if t ≅_bc t'.


⁷ We write ≡ for syntactic identity.
6 The Case of Instructions for Boolean Registers


In this section, we present the instantiation of PGA^bc in which all possible
instructions for Boolean registers are taken as basic instructions. This
instantiation is called PGA^bc_br (PGA^bc with instructions for Boolean
registers). In order to justify the additional axioms of PGA^bc_br, we also
present the instantiation of BTA in which all possible instructions for Boolean
registers are taken as basic actions and adapt the definitions of behavioural
equivalence and behavioural congruence to closed PGA^bc_br terms using this
instantiation of BTA.

In PGA^bc_br, it is assumed that a fixed but arbitrary set F of foci has
been given. Foci serve as names of Boolean register services.

The set of basic instructions used in PGA^bc_br consists of the following:

• for each f ∈ F and p, q : B → B, a basic Boolean register instruction
  f.p/q.

We write A_br for this set.

The intuition is that the execution of a basic Boolean register instruction 
may modify the register content of a Boolean register service and must 
produce a Boolean value as reply at its completion. The actual reply may 
be dependent on the register content of the Boolean register service. More 
precisely, the execution of a basic Boolean register instruction has the 
following effects: 


• if the register content of the Boolean register service named f is b when
  the execution of f.p/q starts, then its register content is q(b) when the
  execution of f.p/q terminates;


• if the register content of the Boolean register service named f is b when
  the execution of f.p/q starts, then the reply produced on termination
  of the execution of f.p/q is p(b).


The execution of f.p/q has no effect on the register content of Boolean
register services other than the one named f.

B → B, the set of all unary Boolean functions, consists of the following
four functions:

• the function 0, satisfying 0(0) = 0 and 0(1) = 0;
• the function 1, satisfying 1(0) = 1 and 1(1) = 1;
• the function i, satisfying i(0) = 0 and i(1) = 1;
• the function c, satisfying c(0) = 1 and c(1) = 0.


Table 4: Additional axioms for PGA^bc_br

+f.0/p = −f.1/p      PGAbr1
+f.1/p = −f.0/p      PGAbr2
+f.i/p = −f.c/p      PGAbr3
+f.c/p = −f.i/p      PGAbr4
+f.1/p = f.q/p       PGAbr5


In [7], we actually used the methods 0/0, 1/1, and i/i, but denoted them 
by set:0, set:1 and get, respectively. In [8], we actually used, in addition to 
these methods, the method c/c, but denoted it by com. 

We write $\mathfrak{I}_{br}$ for the set $\mathfrak{I}$ of primitive instructions in the case where
$\mathfrak{A}_{br}$ is taken as the set $\mathfrak{A}$.

The constants and operators of PGA$^{bc}_{br}$ are the constants and operators
of PGA$^{bc}$ in the case where $\mathfrak{I}_{br}$ is taken as the set $\mathfrak{I}$.

Closed PGA$^{bc}_{br}$ terms are considered equal if the instruction sequences
that they represent can always take each other's place in an instruction
sequence in the sense that the behaviour produced under execution remains
the same under the intended interpretation of the instructions from $\mathfrak{A}_{br}$.
In other words, equality of closed terms stands in PGA$^{bc}_{br}$ for a kind of
behavioural congruence of the represented instruction sequences. The kind
of behavioural congruence in question will be made precise at the end of this
section.

The axioms of PGA$^{bc}_{br}$ are the axioms of PGA$^{bc}$ and in addition the
axioms given in Table 4. In this table, $f$ stands for an arbitrary focus from
$\mathcal{F}$, and $p$ and $q$ stand for arbitrary unary Boolean functions from $\mathbb{B} \to \mathbb{B}$.

If $t = t'$ is derivable from the axioms of PGA$^{bc}_{br}$, then $t$ and $t'$ represent
instruction sequences that can always take each other's place in an instruction
sequence without affecting the behaviour produced under execution in an
essential way, taking the intended interpretation of the instructions from
$\mathfrak{A}_{br}$ into account. Below, we introduce the instantiation of BTA in which
all possible instructions for Boolean registers are taken as basic actions to
make this precise.

Henceforth, the instruction sequences of the kind considered in PGA$^{bc}_{br}$
are called PGA$_{br}$ instruction sequences.

Table 5: Axioms of BTA$_{br}$

  $x \unlhd f.0/q \unrhd y = y \unlhd f.1/q \unrhd x$    BTAbr1
  $x \unlhd f.i/q \unrhd y = y \unlhd f.c/q \unrhd x$    BTAbr2
  $x \unlhd f.1/q \unrhd y = x \unlhd f.p/q \unrhd x$    BTAbr3


The instantiation of BTA referred to above is called BTA$_{br}$ (BTA with
instructions for Boolean registers). In BTA$_{br}$, the effects of performing a
basic action on both the register content of Boolean register services and the
way in which the modeled behaviour proceeds subsequently to performing
the basic action concerned correspond to the intended interpretation of the
basic action when it is considered to be a basic instruction.

The constants and operators of BTA$_{br}$ are the constants and operators
of BTA in the case where $\mathfrak{A}_{br}$ is taken as the set $\mathfrak{A}$.

The idea behind equality of BTA$_{br}$ terms is that two closed BTA$_{br}$
terms are equal if they represent threads that can be made the same by a
number of changes that never influences at any step of the modeled behaviour
the effects of the basic action performed on the register content of Boolean
register services and the way in which the modeled behaviour proceeds.
Equality of closed terms stands in BTA$_{br}$ for a kind of congruence of the
represented threads which originates from the notion of effectual equivalence
of basic instructions introduced in [9].

The axioms of BTA$_{br}$ are given in Table 5. In this table, $f$ stands for
an arbitrary focus from $\mathcal{F}$, and $p$ and $q$ stand for arbitrary unary Boolean
functions from $\mathbb{B} \to \mathbb{B}$.
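
The following Python sketch is an added example, not part of the paper: it models the one-step effect of f.p/q described above (reply p(b), new register content q(b)) and checks by exhaustive enumeration that every instance of the axioms in Table 4 and Table 5 equates two steps that take the same branch and leave the same register content. The branch labels and the reading of +a and -a as skipping the next instruction on reply 0 and on reply 1, respectively, are assumptions based on the standard PGA semantics.

```python
from itertools import product

# The four unary Boolean functions named on the page, as (f(0), f(1)).
FUNCS = {"0": (0, 0), "1": (1, 1), "i": (0, 1), "c": (1, 0)}

def execute(p, q, b):
    """Run f.p/q on register content b: return (reply p(b), new content q(b))."""
    return FUNCS[p][b], FUNCS[q][b]

def post(on_true, method, on_false):
    """on_true <| f.p/q |> on_false as a map: content b -> (branch, new content)."""
    p, q = method.split("/")
    def step(b):
        reply, new_b = execute(p, q, b)
        return (on_true if reply == 1 else on_false), new_b
    return step

def instr(kind, method):
    """Primitive instruction as a thread step. Assumed standard PGA reading:
    +a skips the next instruction on reply 0, -a on reply 1, plain a never skips."""
    branches = {"+": ("next", "skip"), "-": ("skip", "next"), "": ("next", "next")}
    on_true, on_false = branches[kind]
    return post(on_true, method, on_false)

def same(s, t):
    """Two steps agree if they pick the same branch and leave the same content
    for every possible register content."""
    return all(s(b) == t(b) for b in (0, 1))

def check_bta_axioms():
    """BTAbr1-BTAbr3 from Table 5, for every choice of p and q."""
    return all(
        same(post("x", f"0/{q}", "y"), post("y", f"1/{q}", "x"))        # BTAbr1
        and same(post("x", f"i/{q}", "y"), post("y", f"c/{q}", "x"))    # BTAbr2
        and same(post("x", f"1/{q}", "y"), post("x", f"{p}/{q}", "x"))  # BTAbr3
        for p, q in product(FUNCS, repeat=2))

def check_pga_axioms():
    """PGAbr1-PGAbr5 from Table 4, for every choice of p and q."""
    return all(
        same(instr("+", f"0/{p}"), instr("-", f"1/{p}"))       # PGAbr1
        and same(instr("+", f"1/{p}"), instr("-", f"0/{p}"))   # PGAbr2
        and same(instr("+", f"i/{p}"), instr("-", f"c/{p}"))   # PGAbr3
        and same(instr("+", f"c/{p}"), instr("-", f"i/{p}"))   # PGAbr4
        and same(instr("+", f"1/{p}"), instr("", f"{q}/{p}"))  # PGAbr5
        for p, q in product(FUNCS, repeat=2))

def distinct_test_steps():
    """Number of different one-step behaviours among all 32 test instructions."""
    return len({tuple(instr(k, f"{p}/{q}")(b) for b in (0, 1))
                for k in "+-" for p, q in product(FUNCS, repeat=2)})

if __name__ == "__main__":
    print(check_bta_axioms(), check_pga_axioms(), distinct_test_steps())
    # A non-axiom for contrast: +f.i/i and -f.i/i take opposite branches.
    print(same(instr("+", "i/i"), instr("-", "i/i")))
```

The count returned by distinct_test_steps shows that the 32 test instructions on one focus collapse to 16 one-step behaviours, which is the identification that PGAbr1 to PGAbr4 express.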

Like BTA, we can extend BTA$_{br}$ with the projection operators, the
axioms for the projection operators and AIP. We write BTA$^{\infty}_{br}$ for the
resulting theory.


To make precise which behaviours are produced by PGA$_{br}$ instruction
sequences under execution, we combine PGA$^{bc}_{br}$ with BTA$^{\infty}_{br}$ and extend the
combination with the thread extraction operator and the axioms for the
thread extraction operator.

PGA$_{br}$ instruction sequences are behaviourally equivalent if the behaviours
that they produce under execution are the same under the intended
interpretation of the instructions from $\mathfrak{A}_{br}$.

Let $t$ and $t'$ be closed PGA$^{bc}_{br}$ terms. Then:

• $t$ and $t'$ are behaviourally equivalent, written $t \equiv_{be} t'$, if $|t| = |t'|$ is
derivable from the axioms of PGA*’, TE1—-TE13, and the axioms of 
BTA$^{\infty}_{br}$.


• $t$ and $t'$ are behaviourally congruent, written $t \cong_{bc} t'$, if, for each
Lave Niels tal! Spee ls ee 


It is obvious that, with this adapted definition of behavioural congruence,
Theorem 1 goes through for closed PGA$^{bc}_{br}$ terms and Theorem 2 goes through
for closed repetition-free PGA terms.


7 Concluding Remarks 


In program algebra, three congruences on instruction sequences are paid 
attention to: instruction sequence congruence, structural congruence, and 
behavioural congruence. However, an axiom system for behavioural congruence
had never been given. In this paper, we have given an axiom system
for behavioural congruence and proved its soundness for closed terms and 
completeness for closed repetition-free terms. This means that behavioural 
congruence of finite instruction sequences can now be established in a direct 
way by nothing more than equational reasoning. In earlier work, it had to 
be established in an indirect way, namely via thread extraction, by reasoning 
that was not purely equational. It is an open question whether the axiom 
system is also complete for closed terms in the case where the closed terms 
considered are not restricted to the repetition-free ones. 


A Appendix 


In this appendix, we outline the proof of Theorem 2. We do not give full 
details of the proof because the full proof is really tedious. We have aimed 
at providing sufficient information in the outline of the proof to make a 
reconstruction of the full proof a routine matter. 


Proof of Theorem 2: 


For all closed PGA$^{bc}$ terms $s$, there exists a basic PGA$^{bc}$ term $s'$ such that
$s = s'$ is derivable from PGA1. Moreover, for all closed PGA$^{bc}$ terms $s$ and
$s'$, $s = s'$ is trivially derivable from the axioms of PGA$^{bc}$ if $s = s'$. By these
facts, Proposition 4, and Theorem 1, it is sufficient to prove:

    for all basic repetition-free PGA$^{bc}$ terms $t$ and $t'$ that are in third
    canonical form, $t = t'$ if $t \cong_{bc} t'$.
We prove this by induction on the depth of $t$ and case distinction on the
form of $t$ according to Lemma 1.

The case $t = u$, for $u \in \mathfrak{I}$, is trivial because $t \cong_{bc} t'$ only if $t = t'$.

The case $t = u ; s$, for $u \in \mathfrak{I}$ and basic repetition-free PGA$^{bc}$ term $s$
that is in third canonical form, is more involved. It follows immediately from
Lemma 2 that in this case $t \cong_{bc} t'$ only if $t' = u' ; s'$ for some $u' \in \mathfrak{I}$ and basic
repetition-free PGA$^{bc}$ term $s'$ that is in third canonical form. Let $u' \in \mathfrak{I}$ and
$s'$ be a basic repetition-free PGA$^{bc}$ term that is in third canonical form such
that $t' = u' ; s'$. Then it follows immediately from the definition of $\cong_{bc}$ that
$t \cong_{bc} t'$ only if $s \cong_{bc} s'$. Hence, by the induction hypothesis, we have that
$t \cong_{bc} t'$ only if $s = s'$. We proceed with a case analysis on $(u, u')$. There exist
25 combinations of kinds of primitive instructions. In 9 of these combinations,
it matters whether the basic instructions involved are the same and, in 1 of
these combinations, it matters whether the natural numbers involved are the
same. Hence, in total, there are 35 cases to consider. However, 5 cases are
trivial because in those cases $u = u'$ and 13 cases are covered by a symmetric
case. Of the remaining 17 cases, 9 cases contradict $t \cong_{bc} t'$. Left over are
the following 8 cases: $(u, u') = (+a, a)$, $(u, u') = (-a, a)$, $(u, u') = (+a, -a)$,
$(u, u') = (\#l, +a)$, $(u, u') = (\#l, -a)$, $(u, u') = (\#l, a)$, $(u, u') = (\#l, \#l')$
with $l \neq l'$, $(u, u') = (\#l, !)$. The proof now continues with a case analysis
on $(s, s')$ for each of these eight cases, using implicitly the above-mentioned
fact that $s = s'$ each time that the conclusion is drawn that there is a
contradiction with $t \cong_{bc} t'$. We will also implicitly use several times the easy
to check fact that, for all basic repetition-free PGA$^{bc}$ terms $r$ that are in
third canonical form, $|r| \neq |\#l{+}2 ; r|$ and $|r| \neq |u_1 ; \ldots ; u_{l+1} ; r|$ if $u_1 = a$ or
$u_1 = +a$ or $u_1 = -a$.

In the analysis for the case $(u, u') = (+a, a)$, we make a case distinction
on the form of $s$ according to Lemma 1:

• in the case that $s = v$, we make a further case distinction on the form
  of $v$:

  – if $v = b$ or $v = +b$ or $v = -b$, then we have $|+a ; v| \neq |a ; v|$ and
    hence a contradiction with $t \cong_{bc} t'$;

  – if $v = \#0$, then we have $|+a ; v ; !| \neq |a ; v ; !|$ and hence a
    contradiction with $t \cong_{bc} t'$;

  – if $v = \#1$, then $t$ is not in third canonical form;

  – if $v = \#l{+}2$, then we have $|+a ; v ; !| \neq |a ; v ; !|$ and hence a
    contradiction with $t \cong_{bc} t'$;

  – if $v = !$, then we have $|+a ; v| \neq |a ; v|$ and hence a contradiction
    with $t \cong_{bc} t'$;


• in the case that $s = v ; r$, for some basic repetition-free PGA$^{bc}$ term $r$
  that is in third canonical form, we make a further case distinction on
  the form of $v$ as well:

  – if $v = b$ or $v = +b$ or $v = -b$, then we have $|+a ; v ; r| \neq |a ; v ; r|$,
    because $r$ is repetition-free, and hence a contradiction with $t \cong_{bc} t'$;

  – if $v = \#0$, then it follows from $t \cong_{bc} t'$ that $r = \#0$ or $r = \#0 ; r'$
    for some $r'$ and hence $t$ is not in third canonical form;

  – if $v = \#1$, then $t$ is not in third canonical form;

  – if $v = \#l{+}2$, then we make a further case distinction on the form
    of $r$ according to Lemma 1:

    * in the case that $r = w$, we make a further case distinction on
      the form of $w$:

      - if $w = b$ or $w = +b$ or $w = -b$, then we have
        $|+a ; \#l{+}2 ; w| \neq |a ; \#l{+}2 ; w|$ and hence a contradiction with $t \cong_{bc} t'$;

      - if $w = \#0$, then we have
        $|+a ; \#l{+}2 ; w ; !^{l+1}| \neq |a ; \#l{+}2 ; w ; !^{l+1}|$ and hence a contradiction
        with $t \cong_{bc} t'$;

      - if $w = \#l'{+}1$ and $l' > l$, then we have
        $|+a ; \#l{+}2 ; w ; !^{l+1}| \neq |a ; \#l{+}2 ; w ; !^{l+1}|$ and hence a contradiction
        with $t \cong_{bc} t'$;

      - if $w = \#l'{+}1$ and $l' < l$, then we have
        $|+a ; \#l{+}2 ; w ; !^{l'+1}| \neq |a ; \#l{+}2 ; w ; !^{l'+1}|$ and hence a contradiction
        with $t \cong_{bc} t'$;

      - if $w = \#l'{+}1$ and $l' = l$, then $t$ is not in third canonical
        form;

      - if $w = !$, then we have $|+a ; \#l{+}2 ; w| \neq |a ; \#l{+}2 ; w|$ and
        hence a contradiction with $t \cong_{bc} t'$;

    * in the case that $r = w ; r'$, for some basic repetition-free
      PGA$^{bc}$ term $r'$ that is in third canonical form, we make a
      further case distinction on the form of $w$ as well:

      - if $w = b$ or $w = +b$ or $w = -b$, then we have
        $|+a ; \#l{+}2 ; w ; r'| \neq |a ; \#l{+}2 ; w ; r'|$, because $r'$ is repetition-free,
        and hence a contradiction with $t \cong_{bc} t'$;

      - if $w = \#0$, then it follows from $t \cong_{bc} t'$ that
        $r' = w_1 ; \ldots ; w_l ; \#0$ or $r' = w_1 ; \ldots ; w_l ; \#0 ; r''$ for some $r''$ and hence
        $t$ is not in third canonical form;

      - if $w = \#l'{+}1$ and $l' \neq l$, then we have
        $|+a ; \#l{+}2 ; w ; r'| \neq |a ; \#l{+}2 ; w ; r'|$, because $r'$ is repetition-free, and hence
        a contradiction with $t \cong_{bc} t'$;

      - if $w = \#l'{+}1$ and $l' = l$, then $t$ is not in third canonical
        form;

      - if $w = !$, then it follows from $t \cong_{bc} t'$ that
        $r' = w_1 ; \ldots ; w_l ; !$ or $r' = w_1 ; \ldots ; w_l ; ! ; r''$ for some $r''$ and hence $t$ is not
        in third canonical form;

  – if $v = !$, then it follows from $t \cong_{bc} t'$ that $r = !$ or $r = ! ; r'$ for
    some $r'$ and hence $t$ is not in third canonical form.


We conclude from this analysis that, in the case that $t = +a ; s$ and $t' = a ; s$
for some basic repetition-free PGA$^{bc}$ term $s$ that is in third canonical form,
we have a contradiction with $t \cong_{bc} t'$.

The analyses for the cases $(u, u') = (-a, a)$ and $(u, u') = (+a, -a)$ are
similar to the analysis for the case $(u, u') = (+a, a)$.

In the analysis for the case $(u, u') = (\#l, a)$, we make a case distinction
on $l$:

• if $l = 0$, then we have $|\#l ; s| \neq |a ; s|$ and hence a contradiction with
  $t \cong_{bc} t'$;

• if $l = 1$, then we have $|\#l ; s| \neq |a ; s|$, because $s$ is repetition-free, and
  hence a contradiction with $t \cong_{bc} t'$;

• if $l = l' + 2$, then we make a further case distinction on the form of $s$
  according to Lemma 1:

  – in the case that $s = v$, we have $|\#l ; s| \neq |a ; s|$ and hence a
    contradiction with $t \cong_{bc} t'$;

  – in the case that $s = v ; r$, for some basic repetition-free PGA$^{bc}$
    term $r$ that is in third canonical form, it follows from $t \cong_{bc} t'$
    that $r = v_1 ; \ldots ; v_{l'} ; a ; r'$ for some basic repetition-free PGA$^{bc}$
    term $r'$ that is in third canonical form and we make a further
    case distinction on the form of $v$:

    * if $v = b$ or $v = +b$ or $v = -b$, then we have
      $|\#l'{+}2 ; v ; v_1 ; \ldots ; v_{l'} ; a ; r'| \neq |a ; v ; v_1 ; \ldots ; v_{l'} ; a ; r'|$,
      because $r'$ is repetition-free, and hence a contradiction with $t \cong_{bc} t'$;

    * if $v = \#0$, then it follows from $t \cong_{bc} t'$ that $r' = \#0$ or
      $r' = \#0 ; r''$ for some $r''$ and hence $t$ is not in third canonical
      form;

    * if $v = \#l''{+}1$ and $l'' \neq l' + 1$, then we have
      $|\#l'{+}2 ; v ; v_1 ; \ldots ; v_{l'} ; a ; r'| \neq |a ; v ; v_1 ; \ldots ; v_{l'} ; a ; r'|$,
      because $r'$ is repetition-free, and hence a contradiction with $t \cong_{bc} t'$;

    * if $v = \#l''{+}1$ and $l'' = l' + 1$, then $t$ is not in third canonical
      form;

    * if $v = !$, then it follows from $t \cong_{bc} t'$ that $r' = !$ or $r' = ! ; r''$
      for some $r''$ and hence $t$ is not in third canonical form.


We conclude from this analysis that, in the case that $t = \#l ; s$ and $t' = a ; s$
for some basic repetition-free PGA$^{bc}$ term $s$ that is in third canonical form,
we have a contradiction with $t \cong_{bc} t'$.

The analyses for the cases $(u, u') = (\#l, +a)$ and $(u, u') = (\#l, -a)$ are
similar to the analysis for the case $(u, u') = (\#l, a)$.

In the analyses for the cases $(u, u') = (\#l, \#l')$, with $l \neq l'$, and
$(u, u') = (\#l, !)$, we use the function len, which assigns to each closed
repetition-free PGA$^{bc}$ term the length of the instruction sequence that it
represents. This function is recursively defined as follows: len($w$) = 1 and
len($t ; t'$) = len($t$) + len($t'$).

In the analysis for the case $(u, u') = (\#l, \#l')$ with $l \neq l'$, we only
consider the case $l < l'$ (because the cases $l < l'$ and $l > l'$ are symmetric)
and make a case distinction on $l$:

• if $l = 0$, then we have $|\#0 ; s| \neq |\#l' ; s|$ and hence a contradiction with
  $t \cong_{bc} t'$;

• if $0 < l <$ len($s$), then it follows from $t \cong_{bc} t'$ that
  $s = u_1 ; \ldots ; u_{l-1} ; a ; v_1 ; \ldots ; v_{l'-(l+1)} ; a ; r$ for some basic repetition-free PGA$^{bc}$ term $r$
  that is in third canonical form and we make a further case distinction
  on the form of $v_1$:

  – if $v_1 = b$ or $v_1 = +b$ or $v_1 = -b$, then we have
    $|\#l ; u_1 ; \ldots ; u_{l-1} ; a ; v_1 ; \ldots ; v_{l'-(l+1)} ; a ; r| \neq |\#l' ; u_1 ; \ldots ; u_{l-1} ; a ; v_1 ; \ldots ; v_{l'-(l+1)} ; a ; r|$,
    because $r$ is repetition-free, and hence a contradiction with $t \cong_{bc} t'$;

  – if $v_1 = \#0$, then it follows from $t \cong_{bc} t'$ that $r = \#0$ or $r = \#0 ; r'$
    for some $r'$ and hence $t$ is not in third canonical form;

  – if $v_1 = \#l''{+}1$ and $l'' \neq l' - 1$, then we have
    $|\#l ; u_1 ; \ldots ; u_{l-1} ; a ; v_1 ; \ldots ; v_{l'-(l+1)} ; a ; r| \neq |\#l' ; u_1 ; \ldots ; u_{l-1} ; a ; v_1 ; \ldots ; v_{l'-(l+1)} ; a ; r|$,
    because $r$ is repetition-free, and hence a contradiction with $t \cong_{bc} t'$;

  – if $v_1 = \#l''{+}1$ and $l'' = l' - 1$, then $t$ is not in third canonical
    form;

  – if $v_1 = !$, then it follows from $t \cong_{bc} t'$ that $r = !$ or $r = ! ; r'$ for
    some $r'$ and hence $t$ is not in third canonical form;


e if 1 > len(s), then we have |#0; 8; !—'"©| 4 [#0 ; 5; 1)! and 
hence a contradiction with t =p. t’. 


We conclude from this analysis that, in the case that $t = \#l ; s$ and $t' = \#l' ; s$,
with $l \neq l'$, for some basic repetition-free PGA$^{bc}$ term $s$ that is in third
canonical form, we have a contradiction with $t \cong_{bc} t'$.

In the analysis for the case $(u, u') = (\#l, !)$, we make a case distinction
on $l$:

• if $l = 0$, then we have $|\#l ; s| \neq |! ; s|$ and hence a contradiction with
  $t \cong_{bc} t'$;

• if $0 < l <$ len($s$), then it follows from $t \cong_{bc} t'$ that $s = u_1 ; \ldots ; u_{l-1} ; !$
  or $s = u_1 ; \ldots ; u_{l-1} ; ! ; r$ for some $r$ and hence $t$ is not in third canonical
  form;

• if $l >$ len($s$), then we have $|\#l ; s| \neq |! ; s|$ and hence a contradiction
  with $t \cong_{bc} t'$.

We conclude from this analysis that, in the case that $t = \#l ; s$ and $t' = ! ; s$
for some basic repetition-free PGA$^{bc}$ term $s$ that is in third canonical form,
we have a contradiction with $t \cong_{bc} t'$.

From the conclusions of the analyses, it follows immediately that for all
basic repetition-free PGA$^{bc}$ terms $t$ and $t'$ that are in third canonical form,
$t = t'$ if $t \cong_{bc} t'$.


We conclude this appendix by going into the main problem that we
have experienced in mastering the intricacy of a proof of the generalization of
Theorem 2 from all closed repetition-free PGA terms to all closed PGA$^{bc}$
terms.

In the proof of Theorem 2, case distinctions are made on a large scale.
It frequently occurs that the number of cases to be distinguished is kept
small by making use of Lemma 1. To devise and prove a generalization
of this lemma that is not restricted to repetition-free terms is not a big
problem. In the proof of Theorem 2, something of the following form occurs
at many places: “we have $|s| \neq |s'|$ because $r$ is repetition-free, and hence
a contradiction with $t \cong_{bc} t'$”. At several similar places in the proof of the
generalization of this theorem, $r$ is not repetition-free and $|s| \neq |s'|$ requires
an elaborate proof. In some of these proofs, no use can be made of the
generalization of Lemma 1 and one gets completely lost in the many deeply
nested case distinctions. This is the main problem that we have experienced.